Do you mean smart card or HSM here ? (I wasn't aware that SafeNet was producing any card, but I might be wrong here).
They make a variety of cards and USB tokens. An HSM is overkill and way too expensive for my use case. Really I'm just looking to generate and store my private keys in a smart card. I'm looking for certifications mostly as a stand-in for satisfying my personal paranoia; I'm not looking to do any commercial development with them at this phase.
The main issue you'll see with most (all ?) smart card implementations is that while the hardware has some kind of certification, the software is not fit for Bitcoin specific use case, if you want to fully support the protocol onboard - in the easiest use case (Java Card) you'd need a way to perform a signature over the secp256k1 curve with SHA 256, which is not something provided by the Java Card standard. There are a few proprietaries implementation though - (you can search for ALG_ECDSA_SHA256 on Google) - but I'm not sure they are easy to obtain, and it would most likely lock your implementation to a single provider.
I'm afraid other options to get a certified product are pretty long and costly (again, if you want to fully support the protocol onbard) - you'd work on a certified hardware, implement a certified ECC signature on top of it, then the Bitcoin application (which might change frequently considering the standard is not frozen, another issue for the certification). Before that you need to define your certification profile.
I'd also stay away from a pure Java Card ECC crypto implementation considering it'd be very slow and pretty much vulnerable to side channel attacks as well as more intrusive attacks.
Another approach (the one we chose) can be to design a non certified application on certified hardware, which is IMHO good enough for the time being (i.e. better than everything else using non certified hardware from a security point of view, and ready for certification in case someone is interested enough to jump through all hoops) - in this case, you'll need to pick the hardware platform - pretty much all usual vendors will offer something certified at the hardware level - then buy/design yourself the crypto library (the hardware will only provide you accelerated modular arithmetic operations), then design yourself the Bitcoin application.
This is helpful, thanks. I'm hoping for something with an actual implementation, because I'm comfortable writing a PKCS#11 application, but less so making with implementing actual cryptographic operations - I'm certain to get it wrong somehow.
I'm thinking I'll send an inquiry to SafeNet and see whether they support the curves and the specific mechanism I need. Of course, I have no idea how one goes about buying a small quantity of *anything* from these guys.
